The ForgeRock Platform Big Picture

IRM Summit 2014 Open Identity Stack

Upload: forgerock

Posted on 20-Jun-2015


DESCRIPTION

ForgeRock's VPs of Engineering and Product Management and its lead architect discuss the big picture and the future of the ForgeRock IRM platform.

TRANSCRIPT

Page 1: THE FORGEROCK PLATFORM BIG PICTURE

IRM Summit 2014

Open Identity Stack

Page 2: Evolution To IRM

Diagram (labels recovered). The identity population grows in four stages, from Employees, to Employees & Partners, to Consumers, to Things. The architecture moves with it: from Perimeter, to Perimeter Federation, to Perimeter-less Federation with Cloud / SaaS, and finally Perimeter-less Federation with Cloud / SaaS plus Mobility, Attributes and Context, Stateless, and Relationships.

Page 3: ForgeRock Products: Unified, Scalable, Open Source IAM Solutions

■ Contextual-Based Access Management
■ Hybrid Cloud and Enterprise Identity Management
■ Internet Scale Directory Services
■ Identity-Aware Application Gateway

Page 4: ForgeRock Stack

Diagram (labels recovered). Across the top: portals, applications, web services, APIs. Three product layers, each exposing a REST API:

■ Identity Administration: Registration & Self-Service, Auditing & Compliance, Workflow & Reporting, Native connectors, REST API
■ Access Management: Authentication & session, Authorization & policy, Entitlements, Federation, REST API
■ Identity Data: Identity Store, Directory Proxy, REST API

Other labels on the diagram: Gateway (Reverse Proxy, App / Mobile), OpenIG, ICF (Identity Connector Framework), CloudConnect, Provisioning, SSO, Federation, Data Centers (HA, Replication). Populations and targets around the stack: Partners, Legacy Apps, Cloud Apps, Consumers & Customers, Enterprise Apps, Devices & Things.

Page 5: Leading Stack Vendors: Acquisition Architecture – Employee Scale – Massive TCO

Diagram of a typical acquired product stack, one product per box: Access Manager, Identity Federation, Identity Manager, Mobile Security Suite, Directory Server, Entitlements Server, Enterprise SSO, Identity Governance, Adaptive Access, Web Services Security. Below them: Enterprise Apps, Mobile Apps, Things.

Page 6: ForgeRock Vision

■ Simple
■ Scalable
■ Modular
■ Embeddable
■ Common REST framework
■ Common UI model
■ Community participation

Page 7: Integrated Stack Components

■ ForgeRock REST (CREST)

■ ForgeRock HTTP Framework

■ AuthN and AuthZ Filters

■ ForgeRock UI

■ OpenID Connect, OAuth, SAML2

■ API Descriptors

■ Scripting

Page 8: OpenAM

Architecture diagram (labels recovered):

■ User Interface for End User and Management, on the ForgeRock UI Framework
■ ForgeRock REST (Commons REST)
■ Protected Resources: Web Agents, Java EE Agents, Web Services Agents
■ Universal Gateway
■ Core Services: Authentication, Entitlements, Session, Audit, OAuth, Core Token Service, OpenID Connect, Configuration, Scripting, User Management, Secure Token Service, XACML, Federation
■ SPIs: Authentication Plugins, Policy Plugins, User Management Plugins, Token Service Plugins, Federation Plugins
■ Persistence (OpenDJ)

Page 9: OpenIDM

Architecture diagram (labels recovered):

■ ForgeRock UI Framework
■ ForgeRock REST Router
■ Business Logic (JavaScript, Groovy)
■ Authentication Filter (JASPI)
■ Jetty Web Server
■ OSGi container
■ Modules: Configuration, Managed Users, Sync/Recon, System (Connectors), Scheduler, Task Scanner, Audit/Logs
■ Cross-cutting: Policy, Audit
■ Persistence (OrientDB)

Page 10: OpenDJ

Architecture diagram (labels recovered):

■ User Interface for End User and Management, on the ForgeRock UI Framework and ForgeRock REST
■ Core Server: Replication, Auditing, LDAPv3, Caching, Monitoring, Password Policy, Groups, Schema Management, REST2LDAP, Access Control
■ Backend Services: Persistence, Connectors, LDIF, Memory, Change Log
■ Client side: Java SDK / LDAPv3; Web Application over REST2LDAP and ForgeRock REST

Page 11: OpenIG

Architecture diagram (labels recovered):

■ HTTP Framework
■ Core Processing: Routes, Filters, Handlers
■ Filters and handlers for: Cookies, Headers, Search/Extract, Crypto, OpenID Connect, OAuth2, SAML2, Scripting, Audit

Page 12: OpenIDM Architecture

Architecture diagram (labels recovered):

■ ForgeRock UI Framework
■ ForgeRock REST Router
■ Business Logic (JavaScript, Groovy, Java)
■ Authentication Filter (JASPI)
■ Jetty Web Server
■ OSGi container
■ Modules: Configuration, Managed Users, Sync/Recon, System (Connectors), Scheduler, Workflow, Audit/Logs
■ Cross-cutting: Policy, Audit
■ Persistence (OrientDB)

Page 13: OpenIDM Architecture

… architecting a next generation stack

Page 14: RESTful API for Internet Scale

■ ForgeRock REST Router
■ Create, Read, Update, Delete, ...
■ Addressable resources (URI/URL), for example system/ldap/account
■ Route to resources

Page 15: Consistent Internal & External Access

■ Jetty Web Server → ForgeRock REST Router → Business Logic (JavaScript, Groovy, Java)
■ Automatic HTTP mapping: GET → read, PUT → update, ...
■ External callers: UI, console, CLI, ...
■ Internal callers: Java or scripting calls, openidm.read(), openidm.update(), ...

Page 16: Modular, Pluggable

■ OSGi container hosting the ForgeRock UI Framework, ForgeRock REST Router, Business Logic (JavaScript, Groovy, Java), Authentication Filter (JASPI) and Jetty Web Server
■ Modules (Configuration, System (Connectors), ...) plug in through service registration
■ Registered services are addressed as routes, for example system/google/account and config/schedule/x

Page 17: Common Enforcement Point

■ Authentication Filter (JASPI) in front of the ForgeRock REST Router: a common authentication framework
■ Policy and Audit: cross-cutting filters, authorization, enforcement, ...

Page 18: Core Modules

Architecture diagram (labels recovered):

■ ForgeRock UI Framework
■ ForgeRock REST Router
■ Business Logic (JavaScript, Groovy, Java)
■ Authentication Filter (JASPI)
■ Jetty Web Server
■ OSGi container
■ Modules: Configuration, Managed Users, Roles..., Sync/Recon, System (Connectors), Scheduler, Workflow, Audit/Logs
■ Cross-cutting: Policy, Audit
■ Persistence (OrientDB)

Page 19: Flexible Data Model

■ Managed Users, Roles... are really Managed Objects, of any type
■ Example: PUT managed/phone/x with body { “sim” : “...”, “IMEI” : “...”, … }
■ Facilities (Policy, Audit, ...) work on different types
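The router, HTTP-to-CRUD mapping, scripted access and common enforcement point described on pages 14, 15, 17 and 19, as an added JavaScript example that is not ForgeRock's code and does not use the real CREST or OpenIDM APIs. It is a toy model of the ideas: resources addressed as system/ldap/account and managed/phone/x; GET and PUT mapped onto read, query, create and update; an idm.read()/idm.update() scripting front end standing in for the openidm.read()/openidm.update() calls on page 15, which shares the router with HTTP callers; an authentication filter in the JASPI filter's position and an authorization filter on the router so that one rule set guards both entry points; and a managed-object store that accepts the {"sim", "IMEI"} shape of page 19 without a fixed schema. The X-Session-Token header, the session table, the role names, the authorization rules and the sample identities are assumptions constructed for this example.

```javascript
// Constructed example for this page, not ForgeRock code: a toy CREST-style router
// (pages 14 to 19). The token header, session table, roles and rules are made up.
"use strict";

const httpError = (code, message) => Object.assign(new Error(message), { code });
const OPS = new Set(["create", "read", "update", "query"]); // CRUD plus query; no actions or patch

// A collection of JSON resources keyed by _id, with no fixed schema (page 19).
function collection() {
  const items = new Map();
  const must = (id) => { if (!items.has(id)) throw httpError(404, `no such resource: ${id}`); return items.get(id); };
  return {
    create(id, body) { if (items.has(id)) throw httpError(412, `resource exists: ${id}`); return { ...items.set(id, { ...body, _id: id }).get(id) }; },
    read: (id) => ({ ...must(id) }),
    update(id, body) { must(id); return { ...items.set(id, { ...body, _id: id }).get(id) }; },
    query: () => [...items.values()].map((o) => ({ ...o })),
  };
}

// Router: the longest registered prefix wins and the one remaining segment, if
// any, is the resource id. Filters run before every handler, HTTP or scripted.
function router() {
  const routes = new Map(), filters = [];
  const resolve = (path) => {
    const segs = path.replace(/^\/+|\/+$/g, "").split("/");
    for (let n = segs.length; n > 0; n--) {
      const prefix = segs.slice(0, n).join("/"), rest = segs.slice(n);
      if (routes.has(prefix) && rest.length <= 1) return { prefix, coll: routes.get(prefix), id: rest[0] };
    }
    throw httpError(404, `no route for ${path}`);
  };
  return {
    addRoute: (prefix, coll) => routes.set(prefix, coll),
    addFilter: (f) => filters.push(f),
    handle(context, req) {
      if (!OPS.has(req.operation)) throw httpError(400, `unknown operation ${req.operation}`);
      const t = resolve(req.path);
      filters.forEach((f) => f(context, req, t)); // a filter denies by throwing
      if (req.operation === "query") return t.coll.query();
      if (!t.id) throw httpError(400, "resource id required");
      return t.coll[req.operation](t.id, req.content);
    },
  };
}

// Automatic HTTP mapping (page 15): GET -> read, or query when _queryFilter is
// present; PUT -> update, or create when If-None-Match: * is sent. Others: 405.
function fromHttp(msg) {
  const [path, qs = ""] = msg.url.split("?");
  const params = new URLSearchParams(qs);
  const headers = Object.fromEntries(Object.entries(msg.headers || {}).map(([k, v]) => [k.toLowerCase(), v]));
  const verbs = new Map([
    ["GET", () => (params.has("_queryFilter") ? "query" : "read")],
    ["PUT", () => (headers["if-none-match"] === "*" ? "create" : "update")],
  ]);
  if (!verbs.has(msg.method)) throw httpError(405, `method ${msg.method} not mapped`);
  const content = msg.body === undefined ? undefined : JSON.parse(msg.body);
  return { path, operation: verbs.get(msg.method)(), content, headers };
}

// Authentication filter in front of the router for HTTP callers (where page 17
// puts the JASPI filter): a session token is exchanged for a security context.
function authenticate(headers, sessions) {
  const token = headers["x-session-token"];
  if (!token || !sessions.has(token)) throw httpError(401, "authentication required");
  return sessions.get(token); // { authenticationId, roles }
}

// Authorization filter on the router, so one rule set guards HTTP and scripted access:
// admin may do anything; a user may read/query managed/* and update only managed/user/<own id>.
function authorize(context, req, target) {
  const { roles = [], authenticationId = "anonymous" } = context.security || {};
  if (roles.includes("admin")) return;
  const readOnly = req.operation === "read" || req.operation === "query";
  const ownUser = target.prefix === "managed/user" && target.id === authenticationId;
  const ok = roles.includes("user") && target.prefix.startsWith("managed/") && (readOnly || (ownUser && req.operation === "update"));
  if (!ok) throw httpError(403, `${authenticationId} may not ${req.operation} ${req.path}`);
}

// Wire-up: managed types and a system (connector) resource, constructed sessions, an HTTP
// front end returning {status, body}, and a scripting front end (idm.read and idm.update
// stand in for openidm.read() and openidm.update()) that shares the router and its filters.
function buildDemo() {
  const rt = router();
  rt.addFilter(authorize);
  for (const p of ["managed/user", "managed/phone", "system/ldap/account"]) rt.addRoute(p, collection());
  const sessions = new Map([
    ["tok-admin", { authenticationId: "openidm-admin", roles: ["admin"] }],
    ["tok-bjensen", { authenticationId: "bjensen", roles: ["user"] }],
  ]);
  const http = (msg) => {
    try { const req = fromHttp(msg); return { status: 200, body: rt.handle({ security: authenticate(req.headers, sessions) }, req) }; }
    catch (e) { return { status: e.code || 500, body: { message: e.message } }; }
  };
  const internal = { security: { authenticationId: "internal", roles: ["admin"] } };
  const call = (operation) => (path, content) => rt.handle(internal, { path, operation, content });
  const idm = { create: call("create"), read: call("read"), update: call("update"), query: call("query") };
  return { http, idm };
}
```

The point the slides make is that the enforcement lives on the router, not on the HTTP layer: buildDemo().http(...) and buildDemo().idm.read(...) reach the same resolve-filter-handle path, so an authorization rule added once applies to the UI, the CLI and a Groovy or JavaScript script alike. Operations are an explicit allowlist rather than a property lookup on the collection, so a request naming "constructor" or "toString" is rejected with 400 instead of calling an inherited method.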

Page 20: API Strategy

■ Conscious, proactive design
■ Developer-focused
■ Consistent
■ Easy to use
■ Modern

Page 21: API Strategy

Build of the previous slide, adding the technology choices:

■ JSON
■ REST
■ ROA

Page 22: API Strategy

Page 23: CREST API

Page 24: CREST Framework

Page 25: AuthN and AuthZ Filters

Page 26: Open Identity Stack UI Model

■ “Single-Page Web App” style
■ Single UI model for all products
■ Built on ForgeRock REST (CREST)
■ Common UIs for:
  – User management
  – Registration and Self Service
  – Login and Password Reset
■ Built on shared services for Authentication

Page 27: ForgeRock UI Library Stack

jQuery (General utility) + jQuery UI (Widgets)

Backbone.js + Require.js (Modular MVC Architecture)

Handlebars.js (Templating)

Underscore.js (General utility)

Less.js (CSS preprocessor)

Built on ForgeRock REST and Common Services

Caters to the web developers of today

Page 28: Demo

■ OpenAM as the IDP
■ OpenDJ as the User and Config Store
■ OpenIDM provisioning to DJ
■ Commons:
  – ForgeRock REST in OpenAM, OpenIDM, OpenDJ
  – Filters protecting OpenIDM
  – ForgeRock UI in OpenIDM and OpenAM

Page 29: Questions?